End User License Agreement

The following terms and conditions of this End User license Agreement („Agreement“) govern the use by the organization signing below („Customer“) of the service „VUPEN Vulnerability Research & Intelligence Service“, including its related documentation („Documentation“) provided in connection with said service (collectively, the „Intelligence“) that VUPEN Security, a French company registered with the „Registre du Commerce et des Sociétés“ of Montpellier under the number B 478502123 and whose head office’s address is stated on page 1, may provide or make available to Customer as part of the Intelligence.

This Agreement further governs the use by Customer of any software, binary code, source code, exploit, proof-of-concept, analysis, reports, media, and printed materials provided under this service. For the purpose of this Agreement, any media, reports and printed materials provided under this optional service, shall be deemed as part of the „Intelligence“.

IMPORTANT: The Intelligence and Documentation are designed to allow Customer to keep ahead of the latest software vulnerabilities that could potentially affect Customer’s environment, by providing timely, actionable information and guidance to help mitigate risks from unknown vulnerabilities or exploits. Under this Agreement, VUPEN Security does not provide any service relating to prior analysis of Customer’s environment to evaluate potential adverse consequences on said Customer’s environment which could result from the performance or use of said intelligence nor any assistance is handling environment safety with respect of the same. Customer declares that he is fully aware that the protection of his assets and data is part of its own duty.

1. LICENSE GRANT.

Subject to required annual license fees payment by Customer, VUPEN Security grants to Customer a personal, non-transferable non-exclusive and non-sublicensable worldwide license to use the Intelligence for its own internal environment security protection and defense needs as described in the Documentation, in accordance with the terms and conditions set forth in this Agreement. Under the same conditions, this Agreement further grants Customer the right to use Documentation that VUPEN Security may release and provide to Customer as part of the Intelligence. VUPEN Security makes available the Intelligence and Documentation to Customer on VUPEN Security dedicated platform stated in the order, and grants to Customer the right to modify provided source or binary code solely for the purpose of exercising its limited license rights hereunder.

2. RESERVATION OF RIGHTS AND RESTRICTIONS ON USE.

The Intelligence and Documentation are protected by intellectual property laws and international treaty provisions. Customer does not acquire, and VUPEN Security hereby reserves, any and all rights to the Intelligence and Documentation, either in object and source code, except as expressly set forth in this Agreement. Customer acknowledges that no title or ownership to the intellectual property in the Intelligence and Documentation, both in object and source code, is transferred to Customer.

Customer agrees that Customer will not attempt to rent, lease, sub-license, loan, auction, deal in, create derivative works of or merge the Intelligence and/or Documentation, in whole or in part, both in object and source code, use the Intelligence and/or the Documentation to provide Services to third parties, or make available in whatever form or format parts of the Intelligence and/or the Documentation, or authorize any third party to do any of the foregoing or remove any proprietary notice, labels or marks on the Intelligence and/or the Documentation.

Except as provided herein, Customer shall further refrain from using, modifying or adapting the Intelligence and/or the Documentation for any other purpose than as provided under this Agreement.

Customer shall ensure that all authorized users use the Intelligence and the Documentation with in strict compliance with the terms and conditions of this Agreement.

Customer and VUPEN Security agree to keep confidential all data and information provided or shared as part of this agreement in accordance with the signed Non-Disclosure Agreement.

Regarding more particularly the binary analysis, exploit or proof-of concept codes, Customer declares being fully aware that the Intelligence and Documentation constitute a valuable asset of VUPEN Security with regards to related research efforts and investments.

Customer shall be deemed to have all duties of custodian of the binary analysis, exploit or proof-of concept codes, including but not limited to, taking all measure in order to ensure strict confidentiality as well as physical and logical security of said Intelligence and Documentation, to avoid any access and/or use of said Intelligence and Documentation by any third party and/or outside the scope of this Agreement. Customer shall strictly comply with any and all VUPEN Security instructions in respect of the Intelligence and Documentation safety, return and/or destruction.

Customer shall in the same manner be fully responsible for maintaining confidentiality and security of any assigned password provided by VUPEN Security for the use of the Intelligence and/or the Documentation, as well as for all activities that may occur under said password.

Customer shall immediately inform VUPEN Security of any unauthorized access to or use of the Intelligence, Documentation, binary analysis, exploits, proof-of concept codes, passwords and more generally the Intelligence or Documentation of which Customer becomes aware.

4. INTELLIGENCE AND RESEARCH REPORTS

Under this Agreement and subject to annual license fee payment by Customer, VUPEN Security will make available to Customer, during subscription, a specific number of Intelligence and Documentation reports. The number of Intelligence and Documentation reports that will be downloaded by Customer during the subscription period shall not exceed the maximum number of authorized reports defined in the invoice issued by VUPEN Security.

Customer agrees that VUPEN Security will focus on actionable research defining new vulnerabilities uncovered in prominent enterprise-level software and infrastructure components. VUPEN Security defines actionable as anything representing a significant threat of damage or compromise to its customers and/or the general public, thus requiring protective action. VUPEN Security defines prominent software and components as anything known by VUPEN Security to be in general use by its customers and/or known to be in widespread public use.

VUPEN Security will have sole discretion to determine the list of software and components to be analyzed for new security vulnerabilities.

5. TERM / TERMINATION.

Term. The initial term of this Agreement shall commence on the date of fees payment and shall continue for a 12-month period. This Agreement shall be automatically renewed for successive 12 month periods, each party reserving the right any oppose any such renewals by 3 months notice addressed to the other party by registered letter with acknowledgement of receipt.

VUPEN Security may, by written notice to Customer, terminate this Agreement and all rights granted hereunder if any of the following events occur: (i) Customer fails to pay any amount due to VUPEN Security within thirty (30) days after VUPEN Security gives Customer written notice of such non-payment, or (ii) Customer is in breach of an obligation under the Agreement in respect of VUPEN Security intellectual property rights or confidential information which, if capable of cure, is not cured within fifteen (15) days after VUPEN Security gives Customer written notice of such breach.

Duties Upon Termination. Customer will remain obligated for the payment of all fees specified in all orders submitted to VUPEN Security prior to termination, provided that if such termination arises from VUPEN Security’s breach of a material obligation hereunder that VUPEN Security has failed to cure within a reasonable time after written notice from Customer, then, the fees payable by Customer shall be subject to all rights and remedies which Customer may have as a result of VUPEN Security. Upon termination, Customer will additionally cease all use of the Intelligence and Documentation licensed hereunder and will promptly destroy all copies of such Intelligence and Documentation in its possession or control.

6. NO WARRANTY

VUPEN SECURITY EXCLUDES ANY WARRANTY THAT THE INTELLIGENCE OR DOCUMENTATION ARE ERROR FREE OR WILL PROTECT FROM VULNERABILITY OR MALICIOUS CODE THREATS OR THAT USE OF THE INTELLIGENCE OR DOCUMENTATION WILL ALLOW CUSTOMER TO KEEP ITS NETWORK OR ENVIRONMENT FREE FROM ATTACKS OR MALICIOUS CODE, OR SAFE FROM INTRUSIONS OR OTHER SECURITY BREACHES. VUPEN SECURITY DISCLAIMS ALL WARRANTIES, TERMS AND CONDITIONS WITH RESPECT TO THE INTELLIGENCE OR DOCUMENTATION AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS, INCLUDING THIRD PARTY INFRINGEMENT INDEMNIFICATION.

7. LIMITATION OF LIABILITY

TO THE EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL VUPEN SECURITY BE LIABLE TO CUSTOMER FOR ANY INDIRECT DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS SAVINGS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF ANTICIPATED BENEFITS OR ANY OTHER PECUNIARY LOSS) ARISING OUT OF THIS AGREEMENT OR THE DELIVERY, PERFORMANCE OR USE OF THE INTELLIGENCE OR DOCUMENTATION.

CUSTOMER EXPRESSLY ACKNOWLEDGES AND AGREES THAT IT IS SOLELY RESPONSIBLE FOR THE PROPER SECURITY OF ITS INFORMATION TECHNOLOGY ENVIRONMENT PRIOR TO AND AFTER THE USE OF THE INTELLIGENCE OR DOCUMENTATION.

IN NO EVENT WILL VUPEN SECURITY’S LIABILITY FOR ANY CLAIM EXCEED THE AMOUNT OF THE FEE-PAID BY CUSTOMER FOR THE INTELLIGENCE OR DOCUMENTATION.

EXCEPT FOR ACTIONS FOR NON-PAYMENT OR BREACH OR MISUSE OF EITHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, NO ACTION (REGARDLESS OF FORM) ARISING OUT OF THIS AGREEMENT MAY BE COMMENCED BY EITHER PARTY MORE THAN ONE (1) YEAR AFTER THE CAUSE OF ACTION HAS ACCRUED.

8. ENTIRE AGREEMENT, SEVERABILITY AND ASSIGNABILITY

This Agreement constitutes the entire agreement between the parties with respect to the use of the Intelligence and Documentation and supersedes any conﬂicting or additional terms contained in any order or elsewhere, all of which terms are excluded.

If a court or other competent tribunal in any jurisdiction finds any provision of this Agreement invalid, such invalidity shall not affect the remaining provisions of the Agreement, which shall remain in full force and effect.

VUPEN Security may assign its rights and obligations to any third party, provided that no such assignment shall relieve said third party of its obligations under this Agreement. Customer may not assign any right or obligation under this Agreement except with VUPEN Security’s prior written consent.

9. GOVERNING LAW AND FORUM

This Agreement and any dispute arising out of or in connection with this Agreement shall be governed by the laws of Germany. The courts in Bonn (Germany) shall have exclusive jurisdiction over any dispute arising out of or in connection with this Agreement, except that VUPEN Security may obtain preliminary or permanent injunctive relief from any court of competent jurisdiction worldwide.

This non-disclosure agreement is entered into this 17 / Mar / 2011 by and between BSI (hereinafter „Recipient“), with offices at BONN, GERMANY and VUPEN Security, with offices at Montpeilier – France (hereinafter „Discloser“).

WHEREAS Discloser possesses information relating to software vulnerabilities, security research, and exploits and proof-of—concept codes that are confidential and proprietary to the Discloser (hereinafter „Confidential information“); and WHEREAS the Recipient is willing to receive disclosure of the Confidential information pursuant to the terms of this agreement for the purpose of internal review; NOW THEREFORE, in consideration for the mutual undertakings of the Discloser and the Recipient under this agreement, the parties agree to the below terms as follows:

1. Disclosure. The Discloser agrees to disclose, and the Receiver agrees to receive the Confidential Information.

2. Confidentiality.

2.1 No Use. The Recipient agrees not to use the Confidential information in any way or manufacture or test any product embodying Confidential information, except for the purpose authorized by the Discloser.

2.2 No Disclosure. The Recipient agrees to prevent and protect the Confidential Information, or any part thereof. from disclosure to any person other than the Recipient’s employees that have a need for disclosure in connection with the Recipient’s authorized use of the Confidential information.

2.3 Protection of Secrecy. The Recipient agrees to protect the secrecy of the Confidential Information and to prevent the Confidential Information from falling into the public domain or into the possession of unauthorized persons.

3. Ownership of Confidential Information. The Recipient agrees that all Confidential information shall remain the property of Discloser and that the Discloser may use such Confidential information for any purpose without obligation to Recipient.

Nothing contained herein shall be construed as granting or implying to the Recipient any transfer of rights, any patents, or any other intellectual property pertaining to the Confidential Information.

4. Term and Termination. This agreement shall be continuing until the Confidential information disclosed to the Recipient is no longer confidential. The rights and obligations of all parties shall survive the termination of this agreement for a period of five (5) years.

5. Survival of Rights and Obligations. This agreement shall be binding upon, inure to the benefit of, and be enforceable by (a) the Discloser, its successors and assignees; and (b) the Recipient, its successors and assignees.

IN WITNESS WHEREOF, the parties have executed this agreement effective as of the date first written above.